Re: [Perc] Request for decision review
"Paul E. Jones" <paulej@packetizer.com> Mon, 16 May 2016 21:47 UTC
Return-Path: <paulej@packetizer.com>
X-Original-To: perc@ietfa.amsl.com
Delivered-To: perc@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 51F5B12D51C for <perc@ietfa.amsl.com>; Mon, 16 May 2016 14:47:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.428
X-Spam-Level:
X-Spam-Status: No, score=-3.428 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RP_MATCHES_RCVD=-1.426, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=packetizer.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nQcmvsYC3JOL for <perc@ietfa.amsl.com>; Mon, 16 May 2016 14:47:47 -0700 (PDT)
Received: from dublin.packetizer.com (dublin.packetizer.com [75.101.130.125]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7484C12B04A for <perc@ietf.org>; Mon, 16 May 2016 14:47:47 -0700 (PDT)
Received: from [192.168.1.20] (cpe-098-122-181-215.nc.res.rr.com [98.122.181.215] (may be forged)) (authenticated bits=0) by dublin.packetizer.com (8.15.2/8.15.2) with ESMTPSA id u4GLljDF018644 (version=TLSv1 cipher=ECDHE-RSA-AES256-SHA bits=256 verify=NO); Mon, 16 May 2016 17:47:45 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=packetizer.com; s=dublin; t=1463435266; bh=FlaJmCGmpmEbBS2fDrEoOB+mnrgpx+EDAPpqVwWFhN0=; h=From:To:Subject:Date:In-Reply-To:Reply-To; b=TJz5kpUjQTsxSaNoI7bS68/wJBN3mRfqE9eeIVhpYNE6ee0HIYNo1/0HV2zxqR8Tu ktMhsINVcZlNQfwHIO1I6YWpnRmQt+Py7cH6WXCZpMEbHqaWen+acieT4qXqKT7TVg JnSE3+WgR492d1/SEUXf+/Wiu+qp/kVXXv8y4m6o=
From: "Paul E. Jones" <paulej@packetizer.com>
To: Emil Ivov <emcho@jitsi.org>, Adam Roach <adam@nostrum.com>, perc@ietf.org
Date: Mon, 16 May 2016 21:47:52 +0000
Message-Id: <embf772d31-22be-4f64-b05f-67e7b89e4d81@sydney>
In-Reply-To: <eb637d6a-b3f8-b5f2-9a9e-da20dfb9b3b8@jitsi.org>
User-Agent: eM_Client/6.0.24928.0
Mime-Version: 1.0
Content-Type: text/plain; format="flowed"; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.16 (dublin.packetizer.com [10.137.60.122]); Mon, 16 May 2016 17:47:46 -0400 (EDT)
Archived-At: <http://mailarchive.ietf.org/arch/msg/perc/oVyk6iVsMLi3W7UBpi-6mrUkHqs>
Subject: Re: [Perc] Request for decision review
X-BeenThere: perc@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
Reply-To: "Paul E. Jones" <paulej@packetizer.com>
List-Id: Privacy Enhanced RTP Conferencing <perc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perc>, <mailto:perc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/perc/>
List-Post: <mailto:perc@ietf.org>
List-Help: <mailto:perc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perc>, <mailto:perc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 16 May 2016 21:47:49 -0000
Emil, >The second problem mentioned by Cullen on May 10 is the one about >splicing that's also described here: >https://tools.ietf.org/html/draft-mattsson-perc-srtp-cloud-01#section-7.2.4 > >This can be resolved by simply having an rtp-hdrext attached and signed >by the sender that carries the original SSRC. That part will not be >allowed to change and needs to be copied over by the MDD/SFU together >with the rests of the immutable parts. I don't think there is even an additional signing process required. The sender of the packet will encrypt the packet containing the original SSRC value, with the authentication including that SSRC field. If the MDD preserves that value in the OHB (described in the "double" draft), then the receiving endpoint could restore the original SSRC value in the packet header before attempting to decrypt. If the wrong SSRC is provided, the packet will fail authentication. Having two SSRC numbering spaces that can overlap is unfortunate, though. Using libraries like libsrtp, we would need to have an E2E context and a HBH context. That is, we have to initialize the library twice, because every SSRC and related cryptograhic parameters, replay database, etc. expects a single number space. Thus, to decrypt a packet we would have to do this: srtp_unprotect(hbh_context, packet); do_perc_stuff(packet); // Such as dealing with the OHB field srtp_unprotect(e2e_context, packet); We could hide that extra step by having the library create the second context under-the-covers or creating a wrapper layer around libsrtp (or whatever SRTP library is employed). If we did not create overlapping number spaces, this could be avoided. I personally think having overlapping number spaces is messy. And for what? I still fail to see how performing a 1:1 mapping of an SSRC value does anything to make building the MDD any easier. In fact, I see it as just more complexity. And, it's more complexity for the endpoint (as I note above), juggling E2E and HBH SSRC values. Paul
- Re: [Perc] Request for decision review Miguel París Díaz
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review David Benham (dbenham)
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review David Benham (dbenham)
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review David Benham (dbenham)
- Re: [Perc] Request for decision review Roni Even
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Miguel París Díaz
- Re: [Perc] Request for decision review Bernard Aboba
- [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Adam Roach
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Bernard Aboba
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Bernard Aboba
- Re: [Perc] Request for decision review Cullen Jennings
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Adam Roach
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Eric Rescorla
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Emil Ivov
- Re: [Perc] Request for decision review Paul E. Jones
- Re: [Perc] Request for decision review Bernard Aboba
- Re: [Perc] Request for decision review Miguel París Díaz